|Publication number||US6880155 B2|
|Application number||US 09/243,108|
|Publication date||Apr 12, 2005|
|Filing date||Feb 2, 1999|
|Priority date||Feb 2, 1999|
|Also published as||CA2362010A1, CN1160626C, CN1324467C, CN1346465A, CN1591338A, DE60031370D1, DE60031370T2, EP1145107A2, EP1145107B1, US7444631, US20030028686, US20050097550, WO2000046667A2, WO2000046667A3|
|Publication number||09243108, 243108, US 6880155 B2, US 6880155B2, US-B2-6880155, US6880155 B2, US6880155B2|
|Inventors||Judith E. Schwabe, Joshua B. Susser|
|Original Assignee||Sun Microsystems, Inc.|
|Export Citation||BiBTeX, EndNote, RefMan|
|Patent Citations (51), Non-Patent Citations (15), Referenced by (64), Classifications (7), Legal Events (4)|
|External Links: USPTO, USPTO Assignment, Espacenet|
U.S. patent application Ser. No. 09/243,101, filed Feb. 2, 1999, in the names of inventors Judith E. Schwabe and Joshua Susser, entitled “Object-Oriented Instruction Set for Resource-Constrained Devices”, commonly assigned herewith;
U.S. patent application Ser. No. 09/243,107, filed Feb. 2, 1999, in the names of inventors Judith E. Schwabe and Joshua Susser, entitled “Zero Overhead Exception Handling”, commonly assigned herewith;
U.S. patent Ser. No. 10/664,216, entitled “Virtual Machine with Securely Distributed Bytecode Verification” by inventors Moshe Levy and Judith E, Schwabe, filed on Sep. 16, 2003, which is a continuation of U.S. patent Ser. No. 10/283,305, now U.S. Pat. No. 6,640,279, entitled “Virtual Machine with Securely Distributed Bytecode Verification” by inventors Moshe Levy and Judith E. Schwabe, filed on Oct. 30, 2002, which is a continuation of U.S. patent Ser. No. 09/547,225, now U.S. Pat. No. 6,546,454, entitled “Virtual Machine with Securely Distributed Bytecode Verification” by inventors Moshe Levy and Judith E. Schwabe, filed on Apr. 11, 2000, which is a continuation of parent application Ser. No. 08/839,621, now U.S. Pat. No. 6,092,147, filed Apr. 15, 1997 entitled “Virtual Machine with Securely Distributed Bytecode Verification” by inventors Moshe Levy and Judith E. Schwabe, commonly assigned herewith; and
In addition, an Appendix A entitled “Java Card Virtual Machine Specification: Java Card™ Version 2.1” is attached to this application and forms a part of the present specification.
A portion of the disclosure of this patent document contains material which is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by anyone of the patent disclosure as it appears in the Patent and Trademark Office patent files or records, but otherwise reserves all copyright rights whatsoever.
The present invention relates, in general, to object-oriented, architecture-neutral programs for use with resource-constrained devices such as smart cards and the like.
A virtual machine is an abstract computing machine generated by a software application or sequence of instructions which is executed by a processor. The term “architecture-neutral” refers to programs, such as those written in the Java™ programming language, which can be executed by a virtual machine on a variety of computer platforms having a variety of different computer architectures. Thus, for example, a virtual machine being executed on a Windows™-based personal computer system will use the same set of instructions as a virtual machine being executed on a UNIX™-based computer system. The result of the platform-independent coding of a virtual machine's sequence of instructions is a stream of one or more bytecodes, each of which is, for example, a one-byte-long numerical code.
Use of the Java programming language has found many applications including, for example, those associated with Web browsers.
The Java programming language is object-oriented. In an object-oriented system, a “class” describes a collection of data and methods that operate on that data. Taken together, the data and methods describe the state of and behavior of an object.
The Java programming language also is verifiable such that, prior to execution of an application written in the Java programming language, a determination can be made as to whether any instruction sequence in the program will attempt to process data of an improper type for that bytecode or whether execution of bytecode instructions in the program will cause underflow or overflow of an operand stack.
A Java™ virtual machine executes virtual machine code written in the Java programming language and is designed for use with a 32-bit architecture. However, various resource-constrained devices, such as smart cards, have an 8-bit or 16-bit architecture.
Smart cards, also known as intelligent portable data-carrying cards, generally are made of plastic or metal and have an electronic chip that includes an embedded microprocessor to execute programs and memory to store programs and data. Such devices, which can be about the size of a credit card, typically have limited memory capacity. For example, some smart cards have less than one kilo-byte (1K) of random access memory (RAM) as well as limited read only memory (ROM), and/or non-volatile memory such as electrically erasable programmable read only memory (EEPROM).
Generally, programs running on a processor of a smart card determine the services offered by the card. As time passes, the programs on the card may need to be updated, for example in order to add a new function or to improve an existing function. To this end, the card should be able to accept new programs which may replace other programs.
Typically a virtual machine executing byte code (e.g., a full Java virtual machine) requires a sizable amount of memory in loading bytecode and resolving references. Particularly, in the Java virtual machine, symbolic references are used to refer to program elements such as the classes, methods and fields. A Reference to these program elements is resolved by locating the element using its symbolic name. Such operations require a relatively large random access memory (RAM). In an environment that has little RAM, this may not be feasible. Since smart cards are cost-sensitive, they rely on inexpensive, low performance processors and low capacity memory devices. Since cost and power reasons dictate that low-power and low-capacity processor and memory components be deployed in such resource constrained computers, the ability to operate the Java virtual machine on such resource constrained devices is both difficult and yet desirable.
In one aspect, a method downloads code to a resource constrained computer. The code is separable into at least one package having at least one referenceable item. The method includes forming the package; forming a mapping of the referenceable item to a corresponding token; and providing the package and the mapping.
In a second aspect, a method links code downloaded to a resource constrained computer. The method includes receiving the package; receiving a mapping of the referenceable item to a corresponding token; and linking the package using the mapping.
Advantages of the invention may include one or more of the following. The invention efficiently uses resource on a resource limited device by using smaller storage spaces through unique token identifiers. Further, the invention can link and resolve references to exported items on the resource limited device. Through metadata files such as export files, the invention allows exported elements to be published. Such publication, however, can be done so as to not expose private or proprietary elements and details of the applets and associated libraries. Thereby, various separately developed applications can be loaded onto a resource limited device and share their components with each other without compromising private secure information.
Moreover, the advantages of an architecture neutral language such as Java can be realized on a resource limited device while preserving its semantics. The tokens may also be used for internal or private elements. Thus, tokens can be assigned to private and package visible instance fields as well as package visible virtual methods. The invention imposes few constraints in assigning tokens, and the token categories may be further defined or optimized for particular applications. As such, the invention supports portable, architecture neutral code that is written once and that runs everywhere, even on resource constrained devices such as smart cards with limited storage capacity.
A method is described for representing linking information for object-oriented programs in a compact, secure format. Utilizing this method, said programs can be downloaded, linked and executed on a resource-constrained device. Resource-constrained devices are generally considered to be those that are restricted in memory and/or computing power or speed. Although the particular implementation discussed below is described in reference to a smart card, the invention can be used with other resource-constrained devices including, but not limited to, cellular telephones, boundary scan devices, field programmable devices, personal data assistants (PDAs) and pagers, as well as other small or miniature devices. In some cases, the resource-constrained device may have as little as 1K of RAM or as little as 16K of ROM. Similarly, some resource-constrained devices are based on an architecture designed for fewer than 32 bits. For example, some of the resource-constrained devices which can be used with the invention are based on an 8-bit or 16-bit architecture, rather than a 32-bit architecture.
In general, the CAP file 16 includes all the classes and interfaces defined in a single Java package and is represented by a stream of 8-bit bytes. All 16-bit and 32-bit quantities are constructed by reading in two or four consecutive 8-bit bytes, respectively. Among other things, the CAP file 16 includes a constant pool component (or “constant pool”) 18 which is packaged separately from a methods component 20. The constant pool 18 can include various types of constants including method and field references which are resolved either when the program is linked or downloaded to the smart card 40 or at the time of execution by the smart card. The methods component 20 specifies the application instructions to be downloaded to the smart card 40 and subsequently executed by the smart card. Further details of the structure of an exemplary CAP file 16 are discussed in the attached Appendix A at pages 53 through 94.
After conversion, the CAP file 16 can be stored on a computer-readable medium 17 such as a hard drive, a floppy disk, an optical storage medium, a flash device or some other suitable medium. Or the computer-readable medium can be in the form of a carrier wave, e.g., a network data transmission, or a radio frequency (RF) data link.
The CAP file 16 then can be copied or transferred to a terminal 22 such as a desktop computer with a peripheral card acceptance device (CAD) 24. The CAD 24 allows information to be written to and retrieved from the smart card 40. The CAD 24 includes a card port (not shown) into which the smart card 40 can be inserted. Once inserted, contacts from a connector press against the surface connection area on the smart card 40 to provide power and to permit communications with the smart card, although, in other implementations, contactless communications can be used. The terminal 22 also includes an installation tool 26 which loads the CAP file 16 for transmission to the card 40.
The smart card 40 has an input/output (I/O) port 42 which can include a set of contacts through which programs, data and other communications are provided. The card 40 also includes an installation tool 46 for receiving the contents of the CAP file 16 and preparing the applet for execution on the card 40. The installation tool 46 can be implemented, for example, as a Java program and can be executed on the card 40. The card 40 also has memory, including volatile memory such as RAM 50. The card 40 also has ROM 52 and non-volatile memory, such as EEPROM 54. The applet prepared by the controller 44 can be stored in the EEPROM 54.
In one particular implementation, the applet is executed by a virtual machine 49 running on a microprocessor 48. The virtual machine 49, which can be referred to as the Java Card virtual machine, need not load or manipulate the CAP file 16. Rather, the Java Card virtual machine 49 executes the applet code previously stored as part of the CAP file 16. The division of functionality between the Java Card virtual machine 49 and the installation tool 46 allows both the virtual machine and the installation tool to be kept relatively small.
In general, implementations and applets written for a resource-constrained platform such as the smart card 40 follow the standard rules for Java platform packages. The Java virtual machine and the Java programming language are described in T. Lindholm et al., The Java Virtual Machine Specification (1997), and K. Arnold et al., The Java Programming Language Second Edition, (1998), which are incorporated herein by reference in their entirety. Application programming interface (API) classes for the smart card platform can be written as Java source files which include package designations, where a package includes a number of compilation units and has a unique name. Package mechanisms are used to identify and control access to classes, fields and methods. The Java Card API allows applications written for one Java Card-enabled platform to run on any other Java Card-enabled platform. Additionally, the Java Card API is compatible with formal international standards such as ISO 7816, and industry-specific standards such as Europay/MasterCard/Visa (EMV).
Although a virtual machine 49 running on a microprocessor 48 has been described as one implementation for executing the bytecodes on the smart card 40, in alternative implementations, an application-specific integrated circuit (ASIC) or a combination of a hardware and firmware can be used instead.
The smart card platform, which can be used for other resource-constrained devices as well, supports dynamically created objects including both class instances and arrays. A class is implemented as an extension or subclass of a single existing class and its members are methods as well as variables referred to as fields. A method declares executable code that can be invoked and that passes a fixed number of values as arguments. Classes also can implement Java interfaces. An interface is a reference type whose members are constants and abstract methods. The virtual machine 49 may include an interpreter or native implementation which provides access to a runtime system which includes the Java Card API and supporting functionalities.
As shown in
As shown in
The conversion of a set of class files from, e.g., a Java application, to a CAP file 74 can generally occur on a desktop computer in preparation for installation on a smart card 40. The desktop computer 22 is generally not as resource constrained as a typical smart card 40. Additionally, the converting operation may be conducted on other suitable platforms as well.
As discussed in greater detail below, the CAP file 74 contains an export component 82 for resolving references to elements in its package, where those elements may be referenced by other packages. The export component 82 contains entries for static items such as classes, methods and fields. References to dynamic items such as instance fields, virtual methods and interface methods are not required to be presented in the export component, but may be handled according to processes described below.
In resource constrained devices, the use of Unicode strings to represent items consumes memory and processor resources. In place of strings, the export component 82 maps tokens, or simple unique numerical values, to particular elements defined in other components in the CAP file 74. The token values used to represent these elements in the export component match those published in a corresponding Export File 80.
In more detail, CAP file 74 has, among others, a header component 76, a constant pool 78, a method component 80, and an export component 78. The constant pool 78 typically includes one or more class, field and method references so that generally references to program elements or items are made indirectly through the package's constant pool 78. Method component 80 contains all the methods implemented by the applet package represented by CAP file 74. Method references resolve to methods located in the method component. Class and static field references resolve to locations in class components and static field components, respectively. These are described further in Appendix A.
Export component 78 includes one or more entries with a token value 84 and corresponding program element link information 86 that describes where in the package defined in the CAP file A 74 a particular program element is to be found. The link information is specific to the content of the CAP file 74, not the internal representation on a particular card. This component, therefore, does not describe card-specific private or secure information.
Converter 72 can also generate an Export file 80 during conversion of class files into a CAP file 74. One Export file is generated for each CAP file. Export file 80 typically has one or more entries with a symbolic name 90 for a particular program element in CAP file 74 and its corresponding token value 92. Export file 80 provides information about each externally accessible program element of the package of class files and program information in CAP file 74 that may be referenced (imported) by a second package into a second CAP file (described further below). For example, Export file 80 contains references to all of the public classes and interfaces defined in one Java package, and all of the public and protected fields and methods defined in those classes and interfaces. The Export file 80 also contains a mapping of these program elements or items to tokens which can then be used to map names for imported items to tokens during package conversion. The export file does not expose private or proprietary details of the applets and associated libraries. Thereby, various separately developed applications can be loaded onto a resource limited device and share their components with each other without compromising private secure information. The Export file 80 does not expose private or proprietary elements and details of the applets and associated libraries, separately developed applications can be loaded onto the card 40 and share their exported elements with each other without compromising private secure information.
With reference to
CAP file B 100 for the second package includes an import component 104 with a list of all packages referenced by the applet classes. Each such external package reference comprises a mapping 106 between an internal package token and an external unique Application Identifier (AID) for that package. Each package token is used in other components within CAP file 100 to identify a particular referenced external package in a concise manner, thereby reducing the footprint size of the representation of the applet.
The CAP file 100 also has, among others, a header component 102, an import component 104 and a constant pool 108. The constant pool 108 includes one or more class references 110, which map each class reference with corresponding package tokens, and class tokens, thereby mapping the specified class to its corresponding external package and class within that package. The use of these tokens is further described below. The constant pool 108 can also include one or more method references 112 which similarly map each method reference with corresponding package tokens, class tokens and method tokens. The constant pool 108 can also include one or more field references 114, each with its package token, class token, and field token, respectively.
Generally, references to program elements or items are made indirectly through the constant pool 108 of each package. References to items in other packages are called external, and are represented in terms of tokens. References to items in the same CAP file are called internal, and can be represented either in terms of tokens, or in a different internal format (such as pointers to locations within the CAP file). For example, the external reference 110 to a class is composed of a package token and a class token. Together those tokens specify a certain class in a certain external package. An internal reference to a class may be a pointer to the class structure's location within the CAP file. Alternatively, the external token system can be used internally as well. The external references 112-114 refer to a static class member, either a field or method, with a package token, a class token, and a token for the static field or static method. An internal reference to a static class member may be a pointer to the item's location in the CAP file, but can also use the token system. References to instance fields, virtual methods and interface methods consist of a class reference and a token of the appropriate type. The class reference indicates whether the reference is external or internal.
External references in a CAP file can be resolved on a card from token form into the internal representation used by the Java Card virtual machine. A token can only be resolved in the context of the package which defines it. Just as the export file maps from a package's externally visible names to tokens, there is a set of link information for each package on the card that maps from tokens to resolved references. In this manner, the converter 97 processes both the class files 92 and Export file 94, creating an image suitable for downloading the applet onto a resource limited device and resolving references (linking) to the first package.
After the pre-processing performed in
The image 200 of the package P2 includes, among other things, a header component 202, an import component 204, a constant pool 208, and a method component 216, all corresponding to the respective components 102, 104, 108, and 116 in CAP file B 100. The general organization of these components is described above with respect to the CAP files and in Appendix A. Typically, the method component 216 will include program references such as “new” (218), “invokestatic” (220) and “getstatic_b” (222) along with their respective invoked class references, method references, and field references.
Using the process of
As discussed above, instead of Unicode strings as are used in Java class files, tokens are used to identify items in a CAP file and to resolve references on the resource limited device. Tokens for an API are assigned by the API's developer and published in the package export file(s) for that API. Since the name-to-token mappings are published, an API developer may choose any order for tokens within constraints of the invention.
Token assignments for virtual methods preserve relationships within object oriented class hierarchies. Tokens for virtual methods and interface methods are used as indices into virtual method tables and interface method tables, respectively. A particular card platform can resolve tokens into an internal representation that is most useful for that implementation of a resource limited device VM.
Some tokens may be resolved to indices. For example, an instance field token may be resolved to an index into a class instance. In such cases, the token value can be distinct from and unrelated to the value of the resolved index.
Each kind of item in a package has its own independent scope for tokens of that kind. Sample token range and assignment rules for each kind of reference are listed below. Other ranges and assignments of tokens can be made.
Public or Private
Public or Private
The high bit of a package token is set to indicate an imported package. This is used to distinguish between external and internal references. As shown in
The process 230 first obtains a list of imported packages (step 231). The list can be in any order. Next, the process 230 checks whether the number of packages being imported exceeds a predetermined threshold such as 127 (step 232). In this case, a limit of 127 is used in order to represent a package token in 8-bits, with the high bit reserved. If the number of imported packages exceeds the predetermined threshold such as 127, the process fails (step 205).
Alternatively, the process 230 initializes the current token value to zero (step 233). Next, the process 230 initializes the current package to the first package in the list (step 234). The process 230 then checks whether the current package is null (step 235). If not, the process 230 assigns the current token to the current package (step 236). Next, the process 230 increments the current token value by one (step 237), and sets the current package to the next package in the list (step 238).
From step 235, in the event that the current package is null, indicating there are no more imported packages, the process 230 records the token in an Import component (step 239) and exits. References to items in imported packages use token values recorded in the imports component.
Turning now to
Turning now to
From step 258, in the event that the current field is null, indicating no more fields are left, the process 250 determines whether the current token is greater than a predetermined value such as 255 which is the maximum number of tokens that can be represented in 8-bits (step 266). If so, the process 250 fails (step 205). Alternatively, the process 250 records the token values in the export component table if the export component is to be generated (step 268). Finally, the process 250 publishes the token values in the export files (step 270).
Referring now to
From step 288, in the event a current field is null (no more fields), the process then checks whether the current token exceeds a predetermined threshold such as 255 which is the maximum numbers that can be represented using 8-bits (step 300). If so, the process 280 fails (step 205). Alternatively, if exporting, the process 280 records the token values in the export component (step 302). The process then publishes the token values in the Export file with the compiled time constants (step 304) so referencing packages can inline the respective values, before exiting.
Turning now to
From step 320, if the current method is null (no more methods) the process records the token value in the export component (step 328) and publishes the token values in the export file (step 330) before exiting.
Turning now to
Various factors may be considered in optimizing the general approach of
Referring now to
From step 382, if the current field is null, the process 370 publishes the token values of the public and protected instance fields in the export file (step 394) before exiting.
Referring now to
Exportable tokens for the externally visible introduced virtual methods in a class are numbered consecutively starting at one greater than the highest numbered exportable virtual method token of the class's superclass. If a method overrides a method implemented in the class's superclass, that method uses the same token number as the corresponding method in the superclass so that overridden methods may be identified as being related to the method they override.
Internal virtual method tokens are assigned differently from exportable virtual method tokens. If a class and its superclass are defined in the same package, the tokens for the package-visible introduced virtual methods in that class are numbered consecutively starting at one greater than the highest numbered internal virtual method token of the class's superclass. If the class and its superclass are defined in different packages, the tokens for the package-visible introduced virtual methods in that class are numbered consecutively starting at zero. If a method overrides a method implemented in the class's superclass, that method uses the same token number as the corresponding method in the superclass. For background information, the definition of the Java programming language specifies that overriding a package-visible virtual method is only possible if both the class and its superclass are defined in the same package. The high bit of the byte containing a virtual method token is always set to one, to indicate it is an internal token. The ordering of introduced package virtual method tokens in a class is not specified.
From step 404, in the event that the class does not have a superclass, the process 400 initializes to zero the current token value (step 416). From step 414 or step 416, the process 400 initializes the current method to the first virtual method in the list (step 418). Next, the process 400 determines whether the current method is null (step 420). If not, the process then determines whether the current virtual method is defined by the superclass (step 422). If so, the method is an override method and the same token value is assigned to the current method as the one assigned to the overridden method in the superclass (step 424) before looping back to step 420.
From step 422, in the event that the current virtual method is not defined by the superclass, it is an introduced method. In that case, the process 400 assigns a current token value to the current method (step 426) and increments the current token value by one (step 428). The process 400 then sets the current method to the next method in the list (step 430) before looping back to step 420. From step 420, in the event that the current method is null, the process 400 checks whether the current token value exceeds a predetermined value such as 127 (step 432). If so, the process 400 fails (step 205). Alternatively, if the token value is not greater than 127, the process 400 publishes the token values in the export file along with the inherited methods and their token values (step 434) before exiting. The process of
From step 444, in the event a class does not have a superclass, or from step 446, in the event that the superclass is not in the same package, the process 440 sets the current token value to zero (step 454). Particularly, if the superclass is not in the same package, package visible virtual methods of that superclass are not accessible and thus not included in step 454. These potential methods are accounted for when resolving references to virtual methods as described above in
From step 452 or step 454, the process 440 initializes the current method to the first virtual method in a list (step 456). Next, the process 440 checks whether the current method is null (step 458). If not, the process 440 checks whether the current virtual method is defined by a superclass (step 460). In this case the method is an override method. If so, the process 440 then assigns the same token value to the current method as assigned to the overriden method in the superclass (step 462) before looping back to step 458.
From step 460, if the current virtual method is not defined by its superclass it is an introduced method. In this case, the process 440 assigns a current token value to the current method and sets the high bit to one (step 464). The high bit of the virtual method token is used to determine whether it is a public or private virtual method token. Next, the process 440 increments the current token value by one (step 466) and sets the current method to the next method in the list (step 468) before looping back to step 458.
In step 458, in the event that the current method is null, the process 440 determines whether the current token value exceeds a value such as 127 (which is the maximum number representable in 8-bits with the high bit reserved) in step 470. If so, the process 440 fails (step 205). Alternatively, in the event that the current token value is within range, the process 440 exits. Note that tokens for package visible virtual methods are used internally and are not exported.
Virtual method references can only be resolved during execution. The virtual method table allows the card to determine which method to invoke based on the token as well as instances of the method's class. The token value is used as an index to the virtual method table.
Turning now to
The process 500 first gets a list of public and protected virtual methods in a class (step 502). Next, the virtual methods and tokens of the superclass are obtained (step 504). Step 504 is recursive, including all of the superclasses of the class. Next, the process 500 initializes a table by ordering virtual methods obtained in steps 502 and 504 by token values (step 506). This process assumes the process has at least one entry. The process 500 then initializes a count to a maximum virtual method token plus one (step 508). The process 500 also sets the base count to zero (step 510). Next, process 500 checks whether the count is positive (step 512). If so, the process checks whether the first entry in the table is defined by the current class (step 514). If not, the process removes the method from the table and shifts the remaining methods up in the table (step 518). The process 500 then decrements the count by one (step 520) and increments the base count by one (step 522) before looping back to step 512.
From step 514, in the event that the first entry is defined in the current class, or in the event that the count is zero in step 512, the process 500 proceeds to record the table, count and base in the class component (step 516) before exiting.
Referring now to
From step 533, if the current method is null, the process 524 publishes the superinterface list associated with the interface and the method token values in the export file (step 537) and exits.
Referring now to
Upon completing step 692, the process of
An interface table contains an entry for each interface directly implemented by a class, and for all superinterfaces of the directly implemented interfaces. Each entry in the interface table contains an identification of the interface and an interface method table. The table maps interface method declarations to implementations in the class.
Referring now to
From step 706, in the event that the current interface is null, the process 700 records the interfaces with their interface method tables in the class component (step 712) before exiting.
Referring now to
The dynamic binding of elements during execution is discussed next in
In the case of instance fields, tokens are assigned within the scope of the defining class. An instance of the class contains all of the fields defined not only by the class, but also by all of its superclasses. The tokens do not indicate the location of the field within the instance, since they cannot reflect a particular layout of the instance and cannot account for the location of private and package-visible fields defined by the superclass.
In the case of virtual methods, during compilation and conversion the name and type signature are known, as well as a class within a hierarchy that implements such a method. However, the exact implementation cannot be known until execution, when it is possible to determine the particular class of the instance on which the method is invoked. For example, both a class A and its superclass B implement a method definition M. It cannot be known until execution whether an invocation of the method M on an instance of compile-time type B will result in execution of the implementation of class A or of class B.
To provide a means for properly dispatching an invocation of a virtual method during execution, virtual method token assignment is scoped within a class hierarchy. That is, a method of a subclass that overrides a method previously introduced in a superclass inheritance chain must have the same token value as the method it overrides. Also, introduced methods (those methods that do not override methods defined in a superclass) must have token values that are unique within the inheritance chain. Virtual method tables are defined for each class to provide a means for mapping a virtual method token to a particular implementation.
Interface methods are similar to virtual methods in that the particular implementation cannot be known until execution time, but they differ in that interface methods can be inherited from multiple interfaces. Multiple inheritance of interface causes a problem with the way virtual method tokens are assigned. A method in a class which overrides a method introduced in more than one interface cannot necessarily have the same token value as the methods it overrides, as the multiple definitions may all have different values. Therefore each set of methods for a particular interface is assigned token values without regard to the token values of the methods of any other interface.
Because interfaces do not share token values, additional information is necessary to dispatch an interface method invocation to a particular method implementation. As interface method tokens are unique within the scope of an interface, both the interface method token and the identity of the interface are needed to determine the method implemented by the class of an instance at execution time. An interface table is defined for each class which maps an interface identity to an interface method table. The interface method table maps the interface method tokens for that interface to method implementations in that class.
Turning now to
In step 676, if the high bit equals one, the process 670 sets the high bit of the method table index to zero (step 690). It sets the base value to the package method table base of the current class (step 692) and sets the method table to the package virtual method table of the current class (step 694) before continuing to step 682.
From step 682, if the method table index is greater than the base, the process 670 obtains a method table entry using the method table index plus the base value (step 686). The process 670 then finds the method based on the content of the entry in the method table of the current class (step 688). Subsequently, the process 670 exits.
Referring now to
From step 656, in the event that the specified interface is found, the process 650 obtains the corresponding interface method table in the current class (step 662). It then obtains the virtual method token from the entry in the table whose index is equal to the interface method token (step 664). The process 650 then obtains the public virtual method table of the class of the instance (step 666). The process 650 gets the virtual method location from the entry in the table associated with the virtual method token (step 668). The process 650 then locates the method based on the content of the entry in the virtual method table (step 669). Once this is done, the process 650 exits.
Although the invention has been illustrated with respect to a smart card implementation, the invention applies to other devices with a small footprint such as devices that are relatively restricted or limited in memory or in computing power or speed. Such resource constrained devices may include boundary scan devices, field programmable devices, pagers and cellular phones among many others. The invention may prove advantageous when using servlets if there is object sharing between them. Certain desktop systems may also utilize the techniques of the invention.
The present invention also relates to apparatus for performing these operations. This apparatus may be specially constructed for the required purpose or it may comprise a general purpose computer as selectively activated or reconfigured by a computer program stored in the computer. The procedures presented herein are not inherently related to a particular computer or other apparatus. Various general purpose machines may be used with programs written in accordance with the teachings herein, or it may prove more convenient to construct more specialized apparatus to perform the required method steps. The required structure for a variety of these machines will appear from the description given. Further, it will be appreciated that a virtual machine consistent with the invention can provide functionality beyond that of earlier virtual machines, such as the virtual machines described in the Java™ Virtual Machine Specification.
While the Java™ programming language and platform are suitable for the invention, any language or platform having certain characteristics would be well suited for implementing the invention. These characteristics include type safety, pointer safety, object-oriented, dynamically linked, and virtual-machine based. Not all of these characteristics need to be present in a particular implementation. In some embodiments, languages or platforms lacking one or more of these characteristics may be utilized. A “virtual machine” could be implemented either in bits (virtual machine) or in silicon (real/physical machines/application specific integrated circuits). Also, although the invention has been illustrated showing object by object security, other approaches, such as class by class security could be utilized.
The system of the present invention may be implemented in hardware or in computer program. Each such computer program can be stored on a storage medium or device (e.g., CD-ROM, hard disk or magnetic diskette) that is readable by a general or special purpose programmable computer for configuring and operating the computer when the storage medium or device is read by the computer to perform the procedures described. The system also may be implemented as a computer-readable storage medium, configured with a computer program, where the storage medium so configured causes a computer to operate in a specific and predefined manner.
The program is here, and generally, conceived to be a self-consistent sequence of steps leading to a desired result. These steps are those requiring physical manipulations of physical quantities. Usually, though not necessarily, these quantities take the form of electrical or magnetic signals capable of being stored, transferred, combined, compared, and otherwise manipulated. It proves convenient at times, principally for reasons of common usage, to refer to these signals as bits, values, elements, symbols, characters, terms, numbers, or the like. It should be noted, however, that all of these and similar terms are to be associated with the appropriate physical quantities and are merely convenient labels applied to these quantities.
While the invention has been shown and described with reference to an embodiment thereof, those skilled in the art will understand that the above and other changes in form and detail may be made without departing from the spirit and scope of the following claims.
Other embodiments are within the scope of the following claims.
|Cited Patent||Filing date||Publication date||Applicant||Title|
|US5367685||Dec 22, 1992||Nov 22, 1994||Firstperson, Inc.||Method and apparatus for resolving data references in generated code|
|US5613101||Jun 7, 1995||Mar 18, 1997||Apple Computer, Inc.||Method and apparatus for determining at execution compatibility among client and provider components where provider version linked with client may differ from provider version available at execution|
|US5615137||Jun 21, 1996||Mar 25, 1997||Lucent Technologies Inc.||On-the-fly model checking with partial-order state space reduction|
|US5619695 *||Feb 3, 1994||Apr 8, 1997||Lockheed Martin Corporation||Method and apparatus for scheduling resources|
|US5668999||Dec 20, 1994||Sep 16, 1997||Sun Microsystems, Inc.||System and method for pre-verification of stack usage in bytecode program loops|
|US5701408||Jul 10, 1995||Dec 23, 1997||International Business Machines Corporation||Method for testing computer operating or application programming interfaces|
|US5734822||Dec 29, 1995||Mar 31, 1998||Powertv, Inc.||Apparatus and method for preprocessing computer programs prior to transmission across a network|
|US5748964||Dec 20, 1994||May 5, 1998||Sun Microsystems, Inc.||Bytecode program interpreter apparatus and method with pre-verification of data type restrictions|
|US5778231||Dec 20, 1995||Jul 7, 1998||Sun Microsystems, Inc.||Compiler system and method for resolving symbolic references to externally located program files|
|US5778234 *||Jul 24, 1997||Jul 7, 1998||Paradyne Corporation||Method for downloading programs|
|US5802519||Feb 8, 1995||Sep 1, 1998||Belle Gate Investment B.V.||Coherent data structure with multiple interaction contexts for a smart card|
|US5841866 *||Sep 29, 1995||Nov 24, 1998||Microchip Technology Incorporated||Secure token integrated circuit and method of performing a secure authentication function or transaction|
|US5889992||Mar 28, 1996||Mar 30, 1999||Unisys Corp.||Method for mapping types stored in a model in an object-oriented repository to language constructs for A C binding for the repository|
|US5905987||Mar 19, 1997||May 18, 1999||Microsoft Corporation||Method, data structure, and computer program product for object state storage in a repository|
|US5937412 *||Dec 29, 1997||Aug 10, 1999||Alcatel Usa Sourcing, L.P.||Method and system for packaging service logic programs in an advanced intelligent network|
|US5966702 *||Oct 31, 1997||Oct 12, 1999||Sun Microsystems, Inc.||Method and apparatus for pre-processing and packaging class files|
|US5974454 *||Nov 14, 1997||Oct 26, 1999||Microsoft Corporation||Method and system for installing and updating program module components|
|US6005942 *||Mar 24, 1998||Dec 21, 1999||Visa International Service Association||System and method for a multi-application smart card which can facilitate a post-issuance download of an application onto the smart card|
|US6038551 *||Mar 11, 1996||Mar 14, 2000||Microsoft Corporation||System and method for configuring and managing resources on a multi-purpose integrated circuit card using a personal computer|
|US6092147||Apr 15, 1997||Jul 18, 2000||Sun Microsystems, Inc.||Virtual machine with securely distributed bytecode verification|
|US6131159 *||May 8, 1992||Oct 10, 2000||Paradyne Corporation||System for downloading programs|
|US6141681 *||Aug 21, 1997||Oct 31, 2000||Advanced Micro Devices, Inc.||Method of and apparatus for transferring and interpreting a data package|
|US6145021 *||Jun 2, 1998||Nov 7, 2000||International Business Machines Corporation||Method and system for managing resource allocation for plug and play devices by providing only the resources required to the devices before system initialization|
|US6163811 *||Oct 21, 1998||Dec 19, 2000||Wildseed, Limited||Token based source file compression/decompression and its application|
|US6178546 *||Aug 31, 1998||Jan 23, 2001||Alcatel Usa Sourcing, L.P.||System and method of making software product deliverables|
|US6226744 *||Oct 9, 1997||May 1, 2001||At&T Corp||Method and apparatus for authenticating users on a network using a smart card|
|US6233683 *||Mar 24, 1998||May 15, 2001||Visa International Service Association||System and method for a multi-application smart card which can facilitate a post-issuance download of an application onto the smart card|
|US6272674||Dec 14, 1998||Aug 7, 2001||Nortel Networks Limited||Method and apparatus for loading a Java application program|
|US6308317 *||Oct 24, 1997||Oct 23, 2001||Schlumberger Technologies, Inc.||Using a high level programming language with a microcontroller|
|US6349344||Dec 16, 1997||Feb 19, 2002||Microsoft Corporation||Combining multiple java class files into a run-time image|
|US6434561 *||May 9, 1998||Aug 13, 2002||Neomedia Technologies, Inc.||Method and system for accessing electronic resources via machine-readable data on intelligent documents|
|US6438550 *||Dec 10, 1998||Aug 20, 2002||International Business Machines Corporation||Method and apparatus for client authentication and application configuration via smart cards|
|US6470494||Nov 29, 1999||Oct 22, 2002||International Business Machines Corporation||Class loader|
|US6477702 *||Nov 9, 2000||Nov 5, 2002||Sun Microsystems, Inc.||Bytecode program interpreter apparatus and method with pre-verification of data type restrictions and object initialization|
|US6481632 *||Oct 26, 1999||Nov 19, 2002||Visa International Service Association||Delegated management of smart card applications|
|US6519767||Jun 7, 1995||Feb 11, 2003||Microsoft Corporation||Compiler and method for automatically building version compatible object applications|
|US6557032 *||Jun 5, 1998||Apr 29, 2003||International Business Machines Corporation||Data processing system using active tokens and method for controlling such a system|
|US20020040936 *||Oct 26, 1999||Apr 11, 2002||David C. Wentker||Delegated management of smart card applications|
|EP0292248A2||May 18, 1988||Nov 23, 1988||THE GENERAL ELECTRIC COMPANY, p.l.c.||Data processing system|
|EP0498130A2||Dec 10, 1991||Aug 12, 1992||International Business Machines Corporation||Apparatus and method for verifying compatibility of system components|
|EP0685792A1||May 24, 1995||Dec 6, 1995||AT&T Corp.||Model checking with state space reduction|
|EP0748135B1||Jun 15, 1994||Oct 28, 1998||Celltrace Communications Limited||Telecommunications system|
|EP0778520A2||Nov 27, 1996||Jun 11, 1997||Sun Microsystems, Inc.||System and method for executing verifiable programs with facility for using non-verifiable programs from trusted sources|
|EP0778522A2||Dec 3, 1996||Jun 11, 1997||Sun Microsystems, Inc.||System and method for generating trusted, architecture specific, compiled versions of architecture neutral programs|
|EP0865217A2||Jun 15, 1994||Sep 16, 1998||Celltrace Communications Limited||Telecommunications system|
|WO1994030023A1||Jun 15, 1994||Dec 22, 1994||Celltrace Communications Limited||Telecommunications system|
|WO1998019237A1||Oct 22, 1997||May 7, 1998||Schlumberger Systemes||Using a high level programming language with a microcontroller|
|WO1998021258A1||Oct 7, 1997||May 22, 1998||Imperial Chemical Industries Plc||Process for making flexible polyurethane foams|
|WO2000000890A1||Jun 25, 1999||Jan 6, 2000||Deutsche Telekom Ag||Method for checking java byte code programmes for security characteristics|
|WO2000025278A1||Oct 26, 1999||May 4, 2000||Visa International Service Association||Delegated management of smart card applications|
|WO2000046666A2||Feb 2, 2000||Aug 10, 2000||Sun Microsystems, Inc.||Object-oriented instruction set for resource-constrained devices|
|1||"Java Developer's Journal Names Cyberflex Smart Card As Editor's Choice Finalist", Jan. 11, 1999, printed from http://www.slb.com/ir/news/sct-jdj0199.html on Jan. 15, 1999.|
|2||"Schlumberger Announces Cyberflex Access; Java(TM)-Based Smart Card Combines Multiple Application and Cryptographic Features for Information Security Market", Dec. 8, 1998, printed from http://www.cyberflex.slb.com/Ac...ex13 Access/cyberflex13 access.html on Jan. 15, 1999.|
|3||"What is the EmbeddedJava(TM) Application Environment" printed from http://java.sun.com/products/embeddedjava/overview.html on Jan. 27, 1999.|
|4||Basin, D. et al. "Java Bytecode Verification by Model Checking", CAV 99: 11<th >International Conference on Computer Aided Verification, vol. 1633 of LNCS, pp. 491-494 (1999).|
|5||Bowles et al., "A Comparison of Commercial Reliability Prediction Programs", Proceedings Annual Reliability and Maintainability Symposium, IEEE, pp. 450-455 (1990).|
|6||Cooper, Richard, "Persistent Languages Facilitate the Implementation of Software Version Management", IEEE, pp. 56-65 (1989).|
|7||Cyberflex-Opening Page, printed from http://www.cyberflex.slb.com on Jan. 15, 1999.|
|8||International Preliminary Examination Report, PCT/US01/28687, International filing date Sep. 14, 2001, date Search Report mailed Jan. 5, 2004.|
|9||International Search Report, PCT/US 01/28579, International filing date Sep. 12, 2001, date Search Report mailed- Jan. 5, 2004.|
|10||International Search Report, PCT/US 01/28688, International filing date Sep. 14, 2001, date Search report mailed- Jan. 5, 2004.|
|11||Java Card 2.0 Language Subset and Virtual Machine Specification Revision 1.0 Final, Oct. 13, 1997, Sun Microsystems, Inc.|
|12||*||Kermarrec et al., Introducing contrxtual objects . . . , Sep. 1998, p. 229-236.*|
|13||Lindsay et al., "A Generic Model for Fine Grained Configuration Management Including Version Control and Traceability", Proceedings of the Australian Software Engineering Conference (ASWEC'97), IEEE Computer Society, pp. 27-36 (1997).|
|14||Posegga, J. et al. "Byte Code Verification for Java Smart Cards Based on Model Checking", Sep. 16-18, 1998, Computer Sercurity-ESORICS 98, Proceedings of the 5th European Symposium on Research in Computer Security.|
|15||Suresh Subramanian, "CRUISE: Using Interface Hierarchies to Support Software Evolution", IEEE, 1988, pp. 132-142.|
|Citing Patent||Filing date||Publication date||Applicant||Title|
|US7155702 *||Sep 13, 2001||Dec 26, 2006||Axalto Sa||Interface and stub generation for code distribution and synthesis|
|US7165246||Jan 16, 2003||Jan 16, 2007||Sun Microsystems, Inc.||Optimized representation of data type information in program verification|
|US7167908 *||Sep 27, 2002||Jan 23, 2007||Intel Corporation||Facilitating operation of a multi-processor system via a resolved symbolic constant|
|US7222331 *||Jan 16, 2003||May 22, 2007||Sun Microsystems, Inc.||Linking of virtual methods|
|US7272830||Jan 16, 2003||Sep 18, 2007||Sun Microsystems, Inc.||Ordering program data for loading on a device|
|US7281244||Jan 16, 2003||Oct 9, 2007||Sun Microsystems, Inc.||Using a digital fingerprint to commit loaded data in a device|
|US7383278 *||Dec 20, 2004||Jun 3, 2008||Microsoft Corporation||Systems and methods for changing items in a computer file|
|US7395269 *||Dec 20, 2004||Jul 1, 2008||Microsoft Corporation||Systems and methods for changing items in a computer file|
|US7484095||Jan 16, 2003||Jan 27, 2009||Sun Microsystems, Inc.||System for communicating program data between a first device and a second device|
|US7506175 *||Nov 5, 2001||Mar 17, 2009||International Business Machines Corporation||File language verification|
|US8037193 *||Dec 20, 2000||Oct 11, 2011||Telstra Corporation Limited||Virtual token|
|US8073783||Aug 22, 2007||Dec 6, 2011||Felsted Patrick R||Performing a business transaction without disclosing sensitive identity information to a relying party|
|US8074257 *||Dec 6, 2011||Felsted Patrick R||Framework and technology to enable the portability of information cards|
|US8079069||Dec 13, 2011||Oracle International Corporation||Cardspace history validator|
|US8083135||Dec 27, 2011||Novell, Inc.||Information card overlay|
|US8087060||Dec 27, 2011||James Mark Norman||Chaining information card selectors|
|US8121955||Jan 16, 2003||Feb 21, 2012||Oracle America, Inc.||Signing program data payload sequence in program loading|
|US8151324||Apr 29, 2008||Apr 3, 2012||Lloyd Leon Burch||Remotable information cards|
|US8353002||Jan 8, 2013||Apple Inc.||Chaining information card selectors|
|US8370913||Feb 5, 2013||Apple Inc.||Policy-based auditing of identity credential disclosure by a secure token service|
|US8407775 *||Mar 26, 2013||Xceed ID Corporation||Systems and methods for access control|
|US8473417||Jun 6, 2011||Jun 25, 2013||Oracle America, Inc.||Signing program data payload sequence in program loading|
|US8479254||Aug 22, 2007||Jul 2, 2013||Apple Inc.||Credential categorization|
|US8632003||Jan 27, 2009||Jan 21, 2014||Novell, Inc.||Multiple persona information cards|
|US8875997||Nov 30, 2011||Nov 4, 2014||Novell, Inc.||Information card overlay|
|US9142069||Nov 10, 2010||Sep 22, 2015||Xceedid Corporation||Systems and methods for access control|
|US9354904 *||Apr 24, 2006||May 31, 2016||Microsoft Technology Licensing, Llc||Applying packages to configure software stacks|
|US9361740||Oct 31, 2014||Jun 7, 2016||Xceedid Corporation||Systems and methods for access control|
|US20010007146 *||Dec 19, 2000||Jul 5, 2001||Uwe Hansmann||Method for providing a set of software components|
|US20020093856 *||Nov 5, 2001||Jul 18, 2002||International Business Machines Corporation||File language verification|
|US20030051233 *||Sep 13, 2001||Mar 13, 2003||Ksheerabdhi Krishna||Code distribution and synthesis|
|US20030163787 *||Dec 20, 2000||Aug 28, 2003||Hay Brian Robert||Virtual token|
|US20040073633 *||Sep 27, 2002||Apr 15, 2004||Eduri Eswar M.||Facilitating operation of a multi-processor system via a resolved symbolic constant|
|US20040143551 *||Jan 16, 2003||Jul 22, 2004||Sun Microsystems, Inc., A Delaware Corporation||Signing program data payload sequence in program loading|
|US20040143641 *||Jan 16, 2003||Jul 22, 2004||Sun Microsystems, Inc., A Delaware Corporation||System for communicating program data between a first device and a second device|
|US20040143820 *||Jan 16, 2003||Jul 22, 2004||Sun Microsystems, Inc., A Delaware Corporation||Optimized representation of data type information in program verification|
|US20040143827 *||Jan 16, 2003||Jul 22, 2004||Sun Microsystems, Inc., A Delware Corporation||Linking of virtual methods|
|US20040143831 *||Jan 16, 2003||Jul 22, 2004||Sun Microsystems, Inc., A Delaware Corporation||Ordering program data for loading on a device|
|US20040154013 *||Jan 16, 2003||Aug 5, 2004||Sun Microsystems, Inc., A Delaware Corporation||Using a digital fingerprint to commit loaded data in a device|
|US20060136356 *||Dec 20, 2004||Jun 22, 2006||Microsoft Corporation||Systems and methods for changing items in a computer file|
|US20060136500 *||Dec 20, 2004||Jun 22, 2006||Microsoft Corporation||Systems and methods for changing items in a computer file|
|US20070250812 *||Apr 24, 2006||Oct 25, 2007||Microsoft Corporation||Process Encoding|
|US20070261017 *||Apr 24, 2006||Nov 8, 2007||Microsoft Corporation||Applying Packages To Configure Software Stacks|
|US20080229383 *||Aug 22, 2007||Sep 18, 2008||Novell, Inc.||Credential categorization|
|US20080229384 *||Aug 22, 2007||Sep 18, 2008||Novell, Inc.||Policy-based auditing of identity credential disclosure by a secure token service|
|US20080229398 *||Aug 22, 2007||Sep 18, 2008||Novell, Inc.||Framework and technology to enable the portability of information cards|
|US20090077118 *||Nov 25, 2008||Mar 19, 2009||Novell, Inc.||Information card federation point tracking and management|
|US20090077627 *||Nov 25, 2008||Mar 19, 2009||Novell, Inc.||Information card federation point tracking and management|
|US20090077655 *||Jan 24, 2008||Mar 19, 2009||Novell, Inc.||Processing html extensions to enable support of information cards by a relying party|
|US20090178112 *||Mar 12, 2009||Jul 9, 2009||Novell, Inc.||Level of service descriptors|
|US20090199284 *||Feb 6, 2008||Aug 6, 2009||Novell, Inc.||Methods for setting and changing the user credential in information cards|
|US20090204622 *||Feb 11, 2008||Aug 13, 2009||Novell, Inc.||Visual and non-visual cues for conveying state of information cards, electronic wallets, and keyrings|
|US20090217368 *||Feb 27, 2008||Aug 27, 2009||Novell, Inc.||System and method for secure account reset utilizing information cards|
|US20090241178 *||Mar 24, 2008||Sep 24, 2009||Novell, Inc.||Cardspace history validator|
|US20090272797 *||Nov 5, 2009||Novell, Inc. A Delaware Corporation||Dynamic information card rendering|
|US20100011409 *||Jul 9, 2008||Jan 14, 2010||Novell, Inc.||Non-interactive information card token generation|
|US20100031328 *||Feb 4, 2010||Novell, Inc.||Site-specific credential generation using information cards|
|US20100095372 *||Oct 9, 2008||Apr 15, 2010||Novell, Inc.||Trusted relying party proxy for information card tokens|
|US20100176194 *||Jul 15, 2010||Novell, Inc.||Information card overlay|
|US20100187302 *||Jan 27, 2009||Jul 29, 2010||Novell, Inc.||Multiple persona information cards|
|US20100212007 *||Aug 19, 2010||Lsi Corporation||Systems and methods for access control|
|US20100251353 *||Mar 25, 2009||Sep 30, 2010||Novell, Inc.||User-authorized information card delegation|
|US20100316898 *||Aug 26, 2010||Dec 16, 2010||Medtronic, Inc.||Lithium-ion battery|
|US20110115603 *||Nov 10, 2010||May 19, 2011||XceedID Inc.||Systems and Methods for Access Control|
|International Classification||G06K19/07, G06F9/54, G06F9/445|
|Cooperative Classification||G06F9/45504, G06F9/44521|
|Apr 30, 1999||AS||Assignment|
Owner name: SUN MICROSYSTEMS, INC., CALIFORNIA
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:SCHWABE, JUDITH E.;SUSSER, JOSHUA B.;REEL/FRAME:009918/0598
Effective date: 19990422
|Sep 22, 2008||FPAY||Fee payment|
Year of fee payment: 4
|Sep 1, 2011||AS||Assignment|
Owner name: ORACLE AMERICA, INC., CALIFORNIA
Effective date: 20100212
Free format text: CHANGE OF NAME;ASSIGNOR:SUN MICROSYSTEMS, INC.;REEL/FRAME:026843/0357
|Sep 12, 2012||FPAY||Fee payment|
Year of fee payment: 8